Spybot keeps catching stuff and windows pop up every 5 seconds and it won't go away. I followed the tutorial and ran web virus/spyware cleaners, each one finding something slightly different. Please help!

I hope it's okay to post the HJT log here:
Logfile of HijackThis v1.99.1
Scan saved at 12:27:12 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\DOCUME~1\Sandra\LOCALS~1\Temp\Temporary Directory 1 for s2kctl15b103.zip\S2kCtl.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\CCZoop05.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\sys02900590961.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\absw\whto.exe
C:\DOCUME~1\Sandra\APPLIC~1\SKS~1\WNSPOO~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\spware-anti\hjt\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jenfqed.exe
O2 - BHO: (no name) - {03E6DBA5-AA3A-4BA6-8EF3-2CC475652143} - C:\Program Files\Messenger\sade.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsq62.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmqcxy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll
O2 - BHO: (no name) - {D5C3654F-1073-4631-B28A-D54E9309E32B} - C:\Program Files\Messenger\sade.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [S2kCtl] C:\DOCUME~1\Sandra\LOCALS~1\Temp\Temporary Directory 1 for s2kctl15b103.zip\S2kCtl.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [sys02900590961] C:\WINDOWS\sys02900590961.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
O4 - HKCU\..\Run: [Rup] "C:\Program Files\absw\whto.exe" -vt yazb
O4 - HKCU\..\Run: [Lycpzn] C:\DOCUME~1\Sandra\APPLIC~1\SKS~1\WNSPOO~1.EXE
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52321D3D-ED59-4C60-B4DF-F96B58706943}: NameServer = 68.94.156.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\taskmgr.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Also the Activescan log from today (next post).

Activescan log:
Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Henry\Local Settings\Temp\Cookies\henry@ad.yieldmanager[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Henry\Local Settings\Temp\Cookies\henry@banners.searchingbooth[1].txt
Adware:Adware/StartPage.AHW Not disinfected C:\Documents and Settings\Henry\Local Settings\Temp\temp.fr2BA3
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Henry\Local Settings\Temp\temp.frF78D\Programs\webhdll.dll
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Isaac\Cookies\isaac@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Isaac\Cookies\isaac@go[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@112.2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@888[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@ath.belnk[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@c.enhance[2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@c.goclick[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@c2.gostats[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@c3.gostats[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@ct.360i[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@did-it[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@entrepreneur[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@fe.lea.lycos[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@fortunecity[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@gostats[2].txt
Spyware:Cookie/Bettersearch Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@index[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@microsofteup.112.2o7[1].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@mmm.media-motor[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@overture[2].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@pacificpoker[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@searchportal.information[1].txt
Spyware:Cookie/Servlet Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@servlet[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@target[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@tucows[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@www.myaffiliateprogram[2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@www.paypopup[2].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@www47.buydomains[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@xiti[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Sandra\Cookies\sandra@yadro[1].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\!update.exe

. . . .
more next post . . .

. . . . .
Spyware:Spyware/LinkReplacer Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\B6DD.tmp[nr1rnqm8.exe]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@atwola[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@go[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@ig.com[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\Cookies\sandra@target[2].txt
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\nsc3.tmp\nsProcess.dll
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\nso2.tmp\nsProcess.dll
Adware:Adware/DollarRevenue Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\nsw3.tmp\nsProcess.dll
Virus:Trj/Downloader.AYV Disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\pre.exe
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\qms1.tmp
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\qms2.tmp
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\s2go.c.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\SskUpdater3.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr8808\Ssk.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr8808\SskBho.dll
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr9C5A\Ssk.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr9C5A\SskBho.dll
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\temp.frF745
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\VSL07.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temp\VSL07.exe[auxe.exe]
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\IPCB6XOX\sploit[1].anr
Virus:Exploit/Metafile Disinfected C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\W9I7W9QJ\xpl[1].wmf
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\X6O6T9WH\VSL07[1].exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\X6O6T9WH\VSL07[1].exe[auxe.exe]
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Ssk.log


Hopefully, someone can take a minute to give me some hints.

Welcome hallsan

Please disable SpybotSD TeaTimer for now
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon and Uncheck the box next to Teatimer.
"resident tea timer"protection of all-over system settings) active"
Close SpyBot.
We will remind you to turn it on later

Since its been a few days Make and post a new hijackthis log

Thanks, Lonny... Over the last few days it has been SurfSideKick3 that has lingered and resisted all efforts to clean.

Here's the log today:
Logfile of HijackThis v1.99.1
Scan saved at 12:56:00 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\spware-anti\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jenfqed.exe
O2 - BHO: (no name) - {03E6DBA5-AA3A-4BA6-8EF3-2CC475652143} - C:\Program Files\Messenger\sade.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D5C3654F-1073-4631-B28A-D54E9309E32B} - C:\Program Files\Messenger\sade.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [S2kCtl] C:\DOCUME~1\Sandra\LOCALS~1\Temp\Temporary Directory 1 for s2kctl15b103.zip\S2kCtl.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [sys02900590961] C:\WINDOWS\sys02900590961.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52321D3D-ED59-4C60-B4DF-F96B58706943}: NameServer = 68.94.156.1
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Start Hijackthis and place a check next to (ONLY)these items If there.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
O2 - BHO: (no name) - {03E6DBA5-AA3A-4BA6-8EF3-2CC475652143} - C:\Program Files\Messenger\sade.dll
O2 - BHO: (no name) - {D5C3654F-1073-4631-B28A-D54E9309E32B} - C:\Program Files\Messenger\sade.dll
O4 - HKLM\..\Run: [S2kCtl] C:\DOCUME~1\Sandra\LOCALS~1\Temp\Temporary Directory 1 for s2kctl15b103.zip\S2kCtl.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [sys02900590961] C:\WINDOWS\sys02900590961.exe
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Combofix to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Start Time= Wed 06/21/2006 18:53:30.30
Running from: C:\DOCUME~1\ADMINI~1\DESKTOP\COMBOFIX.EXE

((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Administrator\Application Data\Sskdmns.dll
C:\Documents and Settings\Administrator\Application Data\Sskknwrd.dll
C:\Documents and Settings\Administrator\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Sandra\Application Data\Sskdmns.dll
C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr8808\SskBho.dll
C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr8808\SskCore.dll
C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr9C5A\SskBho.dll
C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr9C5A\SskCore.dll
C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\Prefetch\SSKUPDATER3.EXE-0D6A7539.pf


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\Documents and Settings\Sandra\Local Settings\Temp\temp.fr9C5A\SskCore.dll

19:23:43.48
((((((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-06-17 20:15:10 ( .D... ) "C:\Program Files\Common Files\partypoker"
2006-06-17 19:13:50 ( .D... ) "C:\Documents and Settings\Sandra\Application Data\??crosoft.NET"
2006-06-17 11:29:08 ( .D... ) "C:\Program Files\elticons"
2006-06-17 11:29:04 129649 ( A.... ) "C:\WINDOWS\elpp100drop.exe"
2006-06-17 11:24:28 ( .D... ) "C:\Program Files\?ssembly"
2006-06-15 21:34:48 ( .D... ) "C:\Documents and Settings\Sandra\Application Data\M?crosoft.NET"
2006-06-13 12:14:56 32540 ( A.... ) "C:\WINDOWS\system32\adrot-uninst.exe"
2006-06-13 11:59:02 ( .D... ) "C:\Program Files\Windows Defender"
2006-06-13 11:57:34 81920 ( A.... ) "C:\WINDOWS\system32\taskmgr.dll"
2006-06-13 11:57:34 ( .D... ) "C:\Documents and Settings\Sandra\Application Data\ç?sks"
2006-06-13 11:57:04 234248 ( A.... ) "C:\WINDOWS\Tagasuarus2.exe"
2006-06-12 23:35:28 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-06-12 11:04:54 32768 ( A.... ) "C:\WINDOWS\unstall.exe"
2006-06-12 09:09:36 48194 ( A.... ) "C:\WINDOWS\system32\VSL07.exe"
2006-06-12 09:09:34 ( .D... ) "C:\Documents and Settings\Sandra\Application Data\System Restore"
2006-06-07 17:59:40 ( .D... ) "C:\Program Files\Windows"
2006-06-07 17:56:08 ( .D... ) "C:\Program Files\Common Files\kifi"
2006-06-01 11:47:08 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 11:47:08 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2006-05-29 08:30:34 1494016 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2006-05-25 01:22:06 53248 ( A.... ) "C:\WINDOWS\bdoscandel.exe"
2006-05-21 19:56:14 ( .D... ) "C:\Program Files\InterActual"
2006-05-19 08:08:32 3052544 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2006-05-17 22:24:26 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2006-05-17 11:23:38 579888 ( A.... ) "C:\WINDOWS\system32\LegitCheckControl.DLL"
2006-05-14 01:44:08 181248 ( A.... ) "C:\WINDOWS\system32\rasmans.dll"
2006-05-13 20:31:58 ( .D... ) "C:\Documents and Settings\Sandra\Application Data\Media Player Classic"
2006-05-13 20:28:44 ( .D... ) "C:\Program Files\Real Alternative"
2006-05-13 20:28:44 ( .D... ) "C:\Program Files\Media Player Classic"
2006-05-13 13:24:48 ( .D... ) "C:\Documents and Settings\Sandra\Application Data\uTorrent"
2006-05-13 13:23:18 ( .D... ) "C:\Program Files\uTorrent"
2006-05-11 01:23:24 24576 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2006-05-09 22:23:04 658432 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2006-05-09 22:23:02 613888 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2006-05-09 22:23:02 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2006-05-09 22:23:02 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2006-05-09 22:23:02 448512 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2006-05-09 22:23:02 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2006-05-09 22:23:02 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2006-05-09 22:23:00 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2006-05-09 22:23:00 1022976 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2006-05-09 22:23:00 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-09 22:23:00 251392 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2006-05-09 22:23:00 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2006-05-09 22:23:00 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2006-05-09 22:23:00 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
2006-05-09 22:23:00 55808 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
2006-05-09 22:23:00 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2006-05-08 06:58:26 ( .D... ) "C:\Program Files\Common Files\Napster Shared"
2006-05-08 06:56:10 ( .D... ) "C:\Program Files\Napster"
2006-04-24 15:40:00 4730880 ( A.... ) "C:\WINDOWS\system32\wmp.dll"
2006-04-06 10:54:38 73728 ( A.... ) "C:\WINDOWS\system32\asuninst.exe"
2006-03-31 12:40:58 2388176 ( A.... ) "C:\WINDOWS\system32\d3dx9_30.dll"
2006-03-31 12:39:48 229584 ( A.... ) "C:\WINDOWS\system32\xactengine2_1.dll"
2006-03-31 12:39:24 62672 ( A.... ) "C:\WINDOWS\system32\xinput1_1.dll"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TabletWizard"="C:\\WINDOWS\\help\\SplshWrp.exe"
"TabletTip"="\"C:\\Program Files\\Common Files\\microsoft shared\\ink\\tabtip.exe\" /resume"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"wallp2.exe"="C:\\WINDOWS\\system32\\wallp2.exe"
"VSL07.exe"="C:\\WINDOWS\\system32\\VSL07.exe"
"Rup"="\"C:\\DOCUME~1\\Sandra\\MYDOCU~1\\STEM32~1\\ati2evxx.exe\" -vt tzt"
"Lycpzn"="C:\\DOCUME~1\\Sandra\\APPLIC~1\\SKS~1\\WNSPOO~1.EXE"
"sys_up1"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\vilelezo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows Media Player\\sajy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=hex(2):25,77,69,6e,64,69,72,25,5c,68,65,6c,70,5c,77,69,7a,61,72,\
64,2e,68,74,61,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"TabletWizard"=hex(2):25,77,69,6e,64,69,72,25,5c,68,65,6c,70,5c,77,69,7a,61,72,\
64,2e,68,74,61,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Alias SketchBook Snapshot.lnk"
"backup"="C:\\WINDOWS\\pss\\Alias SketchBook Snapshot.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Alias\\ALIASS~1.0\\ALIASS~1.EXE "
"item"="Alias SketchBook Snapshot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\10377~1.362\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office OneNote 2003 Quick Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.EXE /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Utility Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\sistray.exe "
"item"="Utility Tray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sm56hlpr"
"hkey"="HKLM"
"command"="sm56hlpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SnippingTool"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Experience Pack\\Snipping Tool\\SnippingTool.exe\" /i"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=dword:00000003


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Wed 06/21/2006 19:23:51.14
ComboFix ver 06.06.22 - This logfile is located at C:\ComboFix.txt

Good now a fresh hijackthis log please

Logfile of HijackThis v1.99.1
Scan saved at 9:25:50 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\DOCUME~1\Sandra\MYDOCU~1\STEM32~1\ati2evxx.exe
C:\DOCUME~1\Sandra\APPLIC~1\SKS~1\WNSPOO~1.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\spware-anti\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jenfqed.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB318E6A-DC8D-4ECA-A066-F83FF4387154} - C:\Program Files\Messenger\sade.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
O4 - HKCU\..\Run: [Rup] "C:\DOCUME~1\Sandra\MYDOCU~1\STEM32~1\ati2evxx.exe" -vt tzt
O4 - HKCU\..\Run: [Lycpzn] C:\DOCUME~1\Sandra\APPLIC~1\SKS~1\WNSPOO~1.EXE
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52321D3D-ED59-4C60-B4DF-F96B58706943}: NameServer = 68.94.156.1
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Start Hijackthis and place a check next to these items If there.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jenfqed.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL07.exe] C:\WINDOWS\system32\VSL07.exe
O4 - HKCU\..\Run: [Rup] "C:\DOCUME~1\Sandra\MYDOCU~1\STEM32~1\ati2evxx.exe" -vt tzt
O4 - HKCU\..\Run: [Lycpzn] C:\DOCUME~1\Sandra\APPLIC~1\SKS~1\WNSPOO~1.EXE
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
====================================
Hit fix checked and close Hijackthis.

Set windows to show hiddenfiles/folders and extensions
for XP systems Open any folder, Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Apply to confirm. Click OK.

1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)

Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
Update the program and close it

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As")
save as text Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
If it was saved as alcanshorty.bfu.txt rename to alcanshorty.bfu
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
4. Once in Safe Mode, Open Ewido:

Click on scanner
Scanner tab at the top and then click on Complete System Scan This scan can take quite a while to run,
so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the
recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the
right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this
file again (like on the Desktop).Close ewido anti-malware.
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

Hi Lonny

Thanks so much for all your help. I have a question about the BFU script. I looked it over and even tho I don't claim to understand what it is doing, it seems to be deleting a lot of things that I might need. And I don't see SurfSideKick in there, which has become the bane of my computer's existence.

So I have downloaded everything and will run ewido right now, but I'd appreciate a bit more info about the alcanshorty script, if it's not too much trouble. Then I will run it too.

Thanks again

Does it help if i say it cannot and wont delete anything but bad guys if they are present ?

Okay, well that is reassuring, actually. And I'm so desperate to get rid of the infection that I'm taking your work for it and I'll trust that it's all good and proceed with the cleanup! Thanks for the quick reply. I really appreciate this help SOOO much!

HJT:
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\spware-anti\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB318E6A-DC8D-4ECA-A066-F83FF4387154} - C:\Program Files\Messenger\sade.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ms05590961900] C:\WINDOWS\ms05590961900.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yvwq] C:\WINDOWS\system32\WNSXS~1\nopdb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52321D3D-ED59-4C60-B4DF-F96B58706943}: NameServer = 68.94.156.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\taskmgr.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
end HJT

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
Report was too big (49K) to fit so I zipped and attached it. I hope that alright.

Thanks

Next time be sure to post the entire hiajckthis log, please :)

Start Hijackthis and place a check next to these items If there.
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O2 - BHO: (no name) - {AB318E6A-DC8D-4ECA-A066-F83FF4387154} - C:\Program Files\Messenger\sade.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [ms05590961900] C:\WINDOWS\ms05590961900.exe
O4 - HKCU\..\Run: [Yvwq] C:\WINDOWS\system32\WNSXS~1\nopdb.exe

====================================
Hit fix checked
Scan again place a check next to this item and hit fix checked
O20 - AppInit_DLLs: C:\WINDOWS\system32\taskmgr.dll
You will see an error, dont worry about that
Close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In your ewido report i see you had it take no action, next time have it do the recommended actions otherwise it does nothing.

Its doesnt appear your running an antivirus program ?

Use your pc for about half a day then report back with any problems you have noticed and another (complete) hiajckthis log.

hallsan ?

Hi Lonny...
Sorry to be absent for so long. I 'm very happy to report that the popups have ceased!!!! I took your last instructions and after running anti-spyware a couple of times, and after using my computer every day since, I haven't observed any popups.

Thanks again for you kind assistance.

Just to complete the cycle, here's my HJT log.

Sandra

Logfile of HijackThis v1.99.1
Scan saved at 3:38:29 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\spware-anti\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52321D3D-ED59-4C60-B4DF-F96B58706943}: NameServer = 68.94.156.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Looks ok but I see trends antispyware but no sing of any antivirus program .
why is that ?

For security reasons
Update suns java manualy
Sun Java V1.5.0_07 is Available:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

Well, I know I should have something but I never have picked one. Do you have any recommendations?

:D There are several free programs mentioned here
http://forums.spybot.info/showthread.php?t=279

If you can afford paying, i suggest NOD32 by eset or Kaspersky antivirus.

As the problem appears to be resolved this topic will be archived. :)

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.